U.S. patent application number 14/823467 was filed with the patent office on 2015-12-03 for authenticating a replaceable printer component.
The applicant listed for this patent is HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. Invention is credited to Jacob Grundtvig Refstrup.
Application Number | 20150343792 14/823467
Family ID | 41377383
Filed Date | 2015-12-03
United States Patent Application | 20150343792
Kind Code | A1
Refstrup; Jacob Grundtvig | December 3, 2015
Authenticating a Replaceable Printer Component
Abstract
A replaceable printer component includes a first memory device
and a communication link. The first memory device is configured to
store a first secret. The communication link is configured to
communicatively link the first memory device to a printer
controller when the replaceable printer component is installed in a
printing system. The printing system comprises a second memory
device storing a second secret. The second memory device is
communicatively linked to the printer controller. The printer
controller is configured to determine an authenticity of the
replaceable printer component based on the first secret and the
second secret.
Inventors: Refstrup; Jacob Grundtvig (Vancouver, WA)
Applicant:
Name | City | State | Country
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. | Houston | TX | US
Family ID: 41377383
Appl. No.: 14/823467
Filed: August 11, 2015
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
12995034 | Nov 29, 2010 | 9141816
PCT/US2008/065104 | May 29, 2008 |
14823467 | |
Current U.S. Class: 347/19
Current CPC Class: G03G 2221/1823 20130101; H04L 9/3242 20130101; G03G 15/0863 20130101; G06F 21/445 20130101; H04N 1/32101 20130101; H04L 9/0819 20130101; G03G 2215/0697 20130101; H04N 1/00538 20130101; B41J 2/17546 20130101; G06F 21/57 20130101; G06F 21/608 20130101
International Class: B41J 2/175 20060101 B41J002/175
Claims
1. A replaceable printer component comprising: a first memory
device configured to store a first secret and a value indicating
that the replaceable printer component is genuine; and a
communication link configured to communicatively link the first
memory device to a printer controller when the replaceable printer
component is installed in a printing system; wherein the
replaceable printer component is programmed to grant a read request
of said value from a printing system in which said replaceable
printer component is installed only if that read request is based
on a legitimate session key established for a communication session
with the printing system, wherein the legitimate session key is
based on the first secret and a second secret of the printing
system; wherein the first memory device is configured to generate a
session-key identifier and a first session-key based on the first
secret and provide the session-key identifier to the printing
system in response to a request to establish a communication
session; wherein the first memory device is configured to receive
the read request for the value indicating the authenticity of the
replaceable printer component, the read request including a first
message authentication code calculated using a second session-key
from the printing device, and wherein the first memory device is
configured to calculate a second message authentication code based
on the read request and the first session-key, and perform the read
request only in response to the second message authentication code
matching the first message authentication code; and wherein the
first memory device is configured to deny the read request and to
mark the first session-key as invalid in response to the second
message authentication code not matching the first message
authentication code.
2. The replaceable printer component of claim 1, wherein the first
secret is derived from the second secret.
3. The replaceable printer component of claim 1, wherein the first
memory device is configured to perform the read request by
providing a response including a third message authentication code
calculated using the first session-key.
4. The replaceable printer component of claim 1, wherein the first
memory device is configured to generate a different session-key
identifier and session-key in response to each request to establish
a communication session.
5. The replaceable printer component of claim 1, wherein the first
memory device is tamper resistant.
6. The replaceable printer component of claim 1, wherein the
replaceable printer component comprises one of an inkjet cartridge,
an inkjet printhead assembly, a toner cartridge, and an ink
supply.
7. The replaceable printer component of claim 1, wherein the
replaceable printer component prevents replay attacks by receiving
a random challenge in a request for a session key identifier from
the printing system.
8. A replaceable printer component comprising: a first memory
device configured to store a first secret and a value indicating
that the replaceable printer component is genuine; and a
communication link configured to communicatively link the first
memory device to a printer controller when the replaceable printer
component is installed in a printing system; wherein the
replaceable printer component is programmed to grant a read request
of said value from a printing system in which said replaceable
printer component is installed only if that read request is based
on a legitimate session key established for a communication session
with the printing system, wherein the legitimate session key is
based on the first secret and a second secret of the printing
system; wherein the first memory device is configured to generate a
session-key identifier and a first session-key based on the first
secret and provide the session-key identifier to the printing
system in response to a request to establish a communication
session; wherein the first memory device is configured to receive
the read request for the value indicating the authenticity of the
replaceable printer component, the read request including a first
message authentication code calculated using a second session-key
from the printing device, and wherein the first memory device is
configured to calculate a second message authentication code based
on the read request and the first session-key, and perform the read
request only in response to the second message authentication code
matching the first message authentication code; and wherein the
replaceable printer component prevents replay attacks by receiving
a random challenge in a request for a session key identifier from
the printing system.
9. The replaceable printer component of claim 8, wherein the first
memory device is configured to deny the read request and to mark
the first session-key as invalid in response to the second message
authentication code not matching the first message authentication
code.
10. The replaceable printer component of claim 8, wherein the first
secret is derived from the second secret.
11. The replaceable printer component of claim 8, wherein the first
memory device is configured to perform the read request by
providing a response including a third message authentication code
calculated using the first session-key.
12. The replaceable printer component of claim 8, wherein the first
memory device is configured to generate a different session-key
identifier and session-key in response to each request to establish
a communication session.
13. The replaceable printer component of claim 8, wherein the first
memory device is tamper resistant.
14. The replaceable printer component of claim 8, wherein the
replaceable printer component comprises one of an inkjet cartridge,
an inkjet printhead assembly, a toner cartridge, and an ink
supply.
15. A replaceable printer component comprising: a first memory
device configured to store a first secret; and a communication link
configured to communicatively link the first memory device to a
printer controller when the replaceable printer component is
installed in a printing system, wherein the first memory device is
configured to generate a session-key identifier and a first
session-key based on the first secret in response to a request
received over the communication link and transmit the session-key
identifier to the printer controller over the communication link,
wherein the first memory device is configured to receive a read
request to a data field storing a value indicating the authenticity
of the replaceable printer component, the read request including a
first message authentication code, wherein the first memory device
is configured to calculate a second message authentication code
based on the read request and the first session-key, and perform
the read request in response to the second message authentication
code matching the first message authentication code; and wherein
the first memory device is configured to deny the read request and
to mark the first session-key as invalid in response to the second
message authentication code not matching the first message
authentication code.
16. The replaceable printer component of claim 15, wherein the
first secret is derived from the second secret.
17. The replaceable printer component of claim 15, wherein the
first memory device is configured to perform the read request by
providing a response including a third message authentication code
calculated using the first session-key.
18. The replaceable printer component of claim 15, wherein the
first memory device is configured to generate a different
session-key identifier and session-key in response to each request
to establish a communication session.
19. The replaceable printer component of claim 15, wherein the
first memory device is tamper resistant.
20. The replaceable printer component of claim 15, wherein the
replaceable printer component prevents replay attacks by receiving
a random challenge in a request for a session key identifier from
the printing system.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] The present application is a continuation of U.S.
application Ser. No. 12/995,034 filed on Nov. 29, 2010 filed under
national stage in compliance with 35 U.S.C. 371 which claims the
priority under 35 U.S.C. 119(a)-(d) or (f) and under C.F.R. 1.55(a)
of previous International Patent Application No.:
PCT/US2008/065104, filed May 29, 2008, entitled "Authenticating a
Replacement Printer Component", which application is incorporated
herein by reference in its entirety.
[0002] The present application is also related to PCT Patent
Application Serial No. PCT/US2008/065103, Attorney Docket No.
200800133-1, entitled "PROVIDING AUTHENTICATED COMMUNICATIONS TO A
REPLACEABLE PRINTER COMPONENT," filed on May 29, 2008, which is
concurrently being filed as a national stage application in
compliance with 35 U.S.C. 371, and is incorporated herein by
reference.
BACKGROUND
[0003] Current printing systems typically include one or more
replaceable printer components, such as inkjet cartridges, inkjet
printhead assemblies, toner cartridges, ink supplies, etc. Some
existing systems provide these replaceable printer components with
on-board memory to communicate information to a printer about the
replaceable component, such as ink fill level, marketing
information, etc.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] The accompanying drawings are included to provide a further
understanding of embodiments and are incorporated in and constitute
a part of this specification. The drawings illustrate embodiments
and together with the description serve to explain principles of
embodiments. Other embodiments and many of the intended advantages
of embodiments will be readily appreciated as they become better
understood by reference to the following detailed description. The
elements of the drawings are not necessarily to scale relative to
each other. Like reference numerals designate corresponding similar
parts.
[0005] FIG. 1 is a block diagram illustrating one embodiment of a
printing arrangement.
[0006] FIG. 2 is a flow diagram illustrating one embodiment of a
method for authenticating a replaceable printer component.
[0007] FIG. 3 is a flow diagram illustrating one embodiment of a
method for authenticating a read request issued by a printing
system for a data value indicating the authenticity of a
replaceable printer component.
[0008] FIG. 4 is a flow diagram illustrating one embodiment of a
method for authenticating a response from a replaceable printer
component.
DETAILED DESCRIPTION
[0009] In the following detailed description, reference is made to
the accompanying drawings which form a part hereof, and in which is
shown by way of illustration specific embodiments in which the
invention may be practiced. In this regard, directional
terminology, such as "top," "bottom," "front," "back," "leading,"
"trailing," etc., is used with reference to the orientation of the
Figure(s) being described. Because components of embodiments can be
positioned in a number of different orientations, the directional
terminology is used for purposes of illustration and is in no way
limiting. It is to be understood that other embodiments may be
utilized and structural or logical changes may be made without
departing from the scope of the present invention. The following
detailed description, therefore, is not to be taken in a limiting
sense, and the scope of the present invention is defined by the
appended claims.
[0010] It is to be understood that the features of the various
exemplary embodiments described herein may be combined with each
other, unless specifically noted otherwise.
[0011] FIG. 1 is a block diagram illustrating one embodiment of a
printing arrangement 100. Printing arrangement 100 includes a host
102 and a printing system 104. Printing system 104 facilitates
printing of graphical and/or textual images on a print medium 118,
such as paper, card stock, transparencies, Mylar, cloth, and the
like. Printing system 104 includes, for example, an inkjet printer,
a laser printer, or other suitable printer. Host 102 communicates
with printing system 104 and provides data and/or control signals
to printing system 104. Host 102 can be or can be included in a
variety of information sources such as a computer, appliance, or
other suitable device such as a personal digital assistant (PDA),
digital camera, cellular phone, etc.
[0012] In one embodiment, printing system 104 includes a printer
controller 116, a memory device 122, and a replaceable printer
component 108. Replaceable printer component 108 includes a memory
device 109. In one embodiment, printer controller 116 determines
the authenticity of replaceable printer component 108 based on
secret keys stored in memory device 109 and in memory device
122.
[0013] Printer controller 116 controls the operation of printing
system 104 and, as such, receives data and/or control signals from
host 102. Printer controller 116 communicates with host 102 via a
communication link 106. Communication link 106 includes, for
example, an electrical, optical, infrared, or other suitable
information transfer path between printer controller 116 and host
102. Printer controller 116 communicates with memory device 122 via
a communication link 120. Communication link 120 includes, for
example, an electrical, optical, infrared, or other suitable
information transfer path between printer controller 116 and memory
device 122.
[0014] Memory device 122 includes a non-volatile memory (NVM) 123
and logic 124. In one embodiment, memory device 122 is tamper proof
or tamper resistant. In one embodiment, logic 124 is a logic
circuit or embedded software running on a processor. For example,
in one embodiment, memory device 122 includes a central processing
unit (CPU) or system on a chip (SoC) with embedded non-volatile
memory 123. In another embodiment, memory device 122 includes a CPU
or SoC with external non-volatile memory 123. In another
embodiment, memory device 122 includes dedicated logic with
internal or external non-volatile memory 123. In another
embodiment, memory device 122 is embedded within printer controller
116 with internal or external non-volatile memory 123.
[0015] In one embodiment, non-volatile memory 123 is an EEPROM, a
FLASH, or another suitable memory. Non-volatile memory 123 stores
one or more secret keys used to authenticate replaceable printer
component 108. Replaceable printer component 108 is authenticated
by authenticating a communication between printer controller 116
and memory device 109 by using session-keys. To generate a
session-key, printer controller 116 passes a session-key identifier
and a request for a session-key to memory device 122. In response
to the session-key identifier and the request for a session-key,
logic circuit 124 generates a session-key based on the session-key
identifier and a secret key stored in non-volatile memory 123.
Logic circuit 124 then provides the generated session-key to
printer controller 116.
[0016] Replaceable printer component 108 includes a component of
printing system 104 that is insertable in and removable from
printing system 104. In one embodiment, replaceable printer
component 108 includes a consumable component that is disposed of
and replaced at an end of a useful life thereof. An example of such
a consumable component includes an ink container or a toner
cartridge that contains a supply of marking material for printing
system 104. The marking material is deposited on print medium 118
by printing system 104 and depleted during a useful life of the ink
container or toner cartridge. As such, the ink container or toner
cartridge is disposed of and replaced at an end of a useful life
thereof or is remanufactured and reused.
[0017] In another embodiment, replaceable printer component 108
includes a printing component that is readily replaced in printing
system 104. Examples of such a printing component include a
printhead that selectively deposits ink on print medium 118 in
response to control signals from printer controller 116 or a
printer cartridge that includes a printhead and an ink supply.
Thus, replaceable printer component 108 may include an ink
container, a printhead, or a printer cartridge if, for example,
printing system 104 includes an inkjet printer. In addition,
replaceable printer component 108 may include a toner cartridge or
a developer drum if, for example, printing system 104 includes a
laser printer. Further, replaceable printer component 108 may
include a peripheral device of printing system 104, such as an
Ethernet card, a duplexer, a paper finisher (e.g., stapler, hole
punch, etc.), or another suitable device.
[0018] Printer controller 116 and replaceable printer component 108
communicate with each other via a communication link 114.
Communication link 114 facilitates information transfer between
printer controller 116 and replaceable printer component 108 when
replaceable printer component 108 is installed in printing system
104. Communication link 114 includes, for example, an electrical,
optical, infrared, or other suitable information transfer path
between replaceable printer component 108 and printer controller
116.
[0019] Replaceable printer component 108 includes a memory device
109 that stores information for replaceable printer component 108
and/or printing system 104. Memory device 109 includes a
non-volatile memory (NVM) 110 and logic 111. In one embodiment,
memory device 109 is tamper proof or tamper resistant. In one
embodiment, logic 111 is a logic circuit or embedded software
running on a processor. For example, in one embodiment, memory
device 109 includes a CPU or SoC with embedded non-volatile memory
110. In another embodiment, memory device 109 includes a CPU or SoC
with external non-volatile memory 110. In another embodiment,
memory device 109 includes dedicated logic with internal or
external non-volatile memory 110.
[0020] In one embodiment, non-volatile memory 110 is a 256-byte or
another suitably sized non-volatile memory, such as an EEPROM, a
FLASH, or another suitable memory. In one embodiment, non-volatile
memory 110 of memory device 109 stores, for example, information
that is specific to replaceable printer component 108 and/or
information that is applicable to printing system 104. In addition,
non-volatile memory 110 can have information to be used by printing
system 104 stored therein or can record information for printing
system 104. In one embodiment, information that may be stored in
non-volatile memory 110 includes operational and/or non-operational
parameters for replaceable printer component 108 and/or printing
system 104.
[0021] Non-volatile memory 110 also stores a value in a data field
that indicates that replaceable printer component 108 is genuine.
In addition, non-volatile memory 110 stores one or more secret keys
used to authenticate replaceable printer component 108. In one
embodiment, the one or more secret keys stored in non-volatile
memory 110 of memory device 109 are derived from the one or more
secret keys stored in non-volatile memory 123 of memory device 122.
In other embodiments, the one or more secret keys stored in
non-volatile memory 110 of memory device 109 and the one or more
secret keys stored in non-volatile memory 123 of memory device 122
are derived from one or more common secret keys. As such, the one
or more secret keys stored in non-volatile memory 110 are related
to the one or more secret keys stored in non-volatile memory
123.
[0022] In one embodiment, replaceable printer component 108
includes a communication link 112 that electrically couples or
communicatively couples memory device 109 with communication link
114 and, therefore, with printer controller 116 when replaceable
printer component 108 is installed in printing system 104. As such,
when replaceable printer component 108 is installed in printing
system 104, memory device 109 communicates with printer controller
116 via communication links 112 and 114. Thus, communication links
112 and 114 include, for example, electrical couplings or
connections such as electrical contacts or pins that mate with
corresponding electrical nodes or receptacles, respectively.
[0023] Replaceable printer component 108 is authenticated by
authenticating a communication between printer controller 116 and
memory device 109 by using session-keys. To generate a session-key,
printer controller 116 passes a request for a session-key
identifier to memory device 109. In response to the request for a
session-key identifier, logic circuit 111 of memory device 109
generates a session-key identifier and an associated session-key
based on a secret key stored in non-volatile memory 110. In one
embodiment, logic circuit 111 of memory device 109 generates a
different session-key identifier and an associated session-key in
response to each request for a session-key identifier. Therefore,
each session-key identifier and each associated session-key is used
only once. Logic circuit 111 provides the generated session-key
identifier to printer controller 116, which in turn passes the
session-key identifier to memory device 122 as previously described
above.
[0024] FIG. 2 is a flow diagram illustrating one embodiment of a
method 150 for authenticating a replaceable printer component 108.
At 152, a replaceable printer component 108 is installed in a
printing system 104 including a printer controller 116. The
replaceable printer component 108 includes a memory device 109 that
has been configured with one or more secret keys for authenticating
replaceable printer component 108. The printing system 104 also
includes a memory device 122 that has been configured with one or
more secret keys for authenticating replaceable printer component
108.
[0025] At 154, printer controller 116 requests a session-key
identifier from memory device 109 of replaceable printer component
108 through communication links 114 and 112. In one embodiment,
printer controller 116 uses a random challenge in requesting the
session-key identifier to prevent replay attacks against printer
controller 116. At 156, in response to receiving the request for a
session-key identifier, logic circuit 111 of memory device 109
generates the requested session-key identifier and its associated
session-key based on a first secret key stored within non-volatile
memory 110. At 158, logic circuit 111 of memory device 109 provides
the requested session-key identifier to printer controller 116.
[0026] At 160, printer controller 116 provides the session-key
identifier received from memory device 109 to memory device 122
through communication link 120 and requests a session-key. At 162,
in response to receiving the session-key identifier and the request
for a session-key, logic circuit 124 of memory device 122 generates
the requested session-key based on the received session-key
identifier and a second secret key stored in non-volatile memory
123. If the first secret key stored in non-volatile memory 110 of
memory device 109 is related to the second secret key stored in
non-volatile memory 123 of memory device 122, then the session-key
generated by logic circuit 111 matches the session-key generated by
logic circuit 124. At 164, logic circuit 124 of memory device 122
provides the requested session-key to printer controller 116. At
166, printer controller 116 uses the received session-key to
determine the authenticity of replaceable printer component
108.
[0027] FIG. 3 is a flow diagram illustrating one embodiment of a
method 166 for authenticating a read request issued by a printing
system 104 for a data value indicating the authenticity of a
replaceable printer component 108. At 170, with a session-key
established in memory device 109 of replaceable printer component
108 and with a session-key established in printing system 104,
printer controller 116 calculates a first message authentication
code (MAC) for a read request using its session-key and a suitable
cryptographic algorithm. The read request is for a data field of
non-volatile memory 110 that stores a value indicating whether
replaceable printer component 108 is genuine. The first MAC is
calculated over the command and command parameters of the read
request.
[0028] In one embodiment, the first MAC is calculated based on a
hash message authentication code (HMAC) with a secure hash such as
secure hash algorithm one (SHA-1), SHA-2, or other suitable secure
hash algorithm. In another embodiment, the first MAC is calculated
based on a cipher-based MAC (CMAC) with a cipher block algorithm
such as data encryption standard (DES), 3DES, advanced encryption
standard (AES), Rivest cipher two (RC2), or other suitable cipher
block algorithm. In other embodiments, the first MAC is calculated
using another suitable technique.
[0029] At 172, printer controller 116 issues the read request
including the first MAC to memory device 109 of replaceable printer
component 108. At 174, in response to the read request, logic
circuit 111 of memory device 109 calculates a second MAC for the
received read request using its session-key and the cryptographic
algorithm. At 176, logic circuit 111 of memory device 109 compares
the received first MAC to the calculated second MAC.
[0030] At 178, if the first MAC does not match the second MAC, then
the session-key of memory device 109 does not match the session-key
of printing system 104. Therefore, the communication between memory
device 109 and printer controller 116 is not authenticated. At 182,
logic circuit 111 of memory device 109 aborts or denies the
requested read operation. By denying the requested read operation,
replaceable printer component 108 has determined that printer
controller 116 is not authentic. Therefore, replaceable printer
component 108 does not communicate with printer controller 116. At
184, logic circuit 111 of memory device 109 marks its session-key
as invalid such that it cannot be used again.
[0031] At 178, if the first MAC matches the second MAC, then the
session-key of memory device 109 matches the session-key of
printing system 104. Therefore, the communication between memory
device 109 and printer controller 116 is authenticated. At 180,
logic circuit 111 of memory device 109 performs the requested read
operation. In response to the read operation, memory device 109
returns a response including the value of the data field indicating
that replaceable printer component 108 is genuine.
[0032] FIG. 4 is a flow diagram illustrating one embodiment of a
method 180 for authenticating a response from replaceable printer
component 108. At 186, memory device 109 calculates a third MAC for
the response using its session-key and the cryptographic algorithm.
The third MAC is calculated over the command MAC and response data.
At 188, memory device 109 provides the response including the third
MAC to printer controller 116. At 190, in response to the response
from memory device 109, printer controller 116 calculates a fourth
MAC for the received response using its session-key and the
cryptographic algorithm. At 192, printer controller 116 compares
the received third MAC to the calculated fourth MAC.
[0033] At 194, if the third MAC does not match the fourth MAC, then
the session-key of printing system 104 does not match the
session-key of memory device 109. Therefore, the communication
between printer controller 116 and memory device 109 is not
authenticated. Thus, at 198 printer controller 116 determines that
replaceable printer component 108 is not authentic.
[0034] At 194, if the third MAC matches the fourth MAC, then the
session-key of printing system 104 matches the session-key of
memory device 109. Therefore, the communication between printer
controller 116 and memory device 109 is authenticated. Since the
communication between memory device 109 and printer controller 116
has been authenticated, printer controller 116 can trust the value
returned in response to the read request. Therefore, at 196 printer
controller 116 determines that replaceable printer component 108 is
authentic.
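The exchange of FIGS. 2-4 (steps 154-198) as an added Python example; this is not code from the application. Assumptions not taken from the text: HMAC-SHA-256 with length-prefixed fields as the MAC, a first secret derived from the second secret with an 8-byte component identifier, a session-key identifier laid out as identifier, challenge, nonce, and all names and byte values.

```python
import hashlib
import hmac
import os

ID_LEN = 8                               # assumed component-identifier length
CHAL_LEN = 16                            # assumed challenge length
READ_GENUINE = b"READ\x00field=genuine"  # constructed command + parameters
GENUINE_VALUE = b"\x01"                  # constructed "genuine" field value


def mac(key, *parts):
    """HMAC-SHA-256 over length-prefixed parts (HMAC is one option in [0028])."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class ComponentMemory:
    """Memory device 109 on the replaceable printer component."""

    def __init__(self, component_id, first_secret):
        self._id = component_id
        self._secret = first_secret
        self._session_key = None         # None means "no valid session-key"

    def new_session(self, challenge):
        # Steps 154-158: a different identifier and key for every request.
        # Embedding the controller's challenge in the identifier is assumed.
        key_id = self._id + challenge + os.urandom(16)
        self._session_key = mac(self._secret, b"session", key_id)
        return key_id

    def read(self, command, first_mac):
        if self._session_key is None:
            return None
        second_mac = mac(self._session_key, command)             # step 174
        if not hmac.compare_digest(first_mac, second_mac):       # steps 176-178
            self._session_key = None                             # step 184
            return None                                          # step 182
        # Step 186: third MAC over the command MAC and the response data.
        third_mac = mac(self._session_key, first_mac, GENUINE_VALUE)
        return GENUINE_VALUE, third_mac                          # step 188


class PrinterMemory:
    """Memory device 122 in the printing system."""

    def __init__(self, second_secret):
        self._secret = second_secret

    def session_key(self, key_id):
        # Step 162: rebuild the component's first secret from the second
        # secret (assumed derivation), then the session-key from key_id.
        first_secret = mac(self._secret, b"component", key_id[:ID_LEN])
        return mac(first_secret, b"session", key_id)


def provision(second_secret, component_id):
    """Assumed factory step: give a genuine component its derived first secret."""
    first_secret = mac(second_secret, b"component", component_id)
    return ComponentMemory(component_id, first_secret)


def authenticate(component, printer_memory):
    """Printer controller 116 running FIG. 2, FIG. 3 and FIG. 4 in order."""
    challenge = os.urandom(CHAL_LEN)
    key_id = component.new_session(challenge)                    # steps 154-158
    if key_id[ID_LEN:ID_LEN + CHAL_LEN] != challenge:
        return False                     # identifier not bound to this request
    key = printer_memory.session_key(key_id)                     # steps 160-164
    first_mac = mac(key, READ_GENUINE)                           # step 170
    reply = component.read(READ_GENUINE, first_mac)              # step 172
    if reply is None:
        return False
    value, third_mac = reply
    fourth_mac = mac(key, first_mac, value)                      # step 190
    # Steps 192-198: trust the returned value only if the MACs match.
    return hmac.compare_digest(third_mac, fourth_mac) and value == GENUINE_VALUE


if __name__ == "__main__":
    second_secret = os.urandom(32)       # constructed secret for the demo
    printer = PrinterMemory(second_secret)
    print("genuine:", authenticate(provision(second_secret, b"CART0001"), printer))
    fake = ComponentMemory(b"CART0002", os.urandom(32))
    print("counterfeit:", authenticate(fake, printer))
```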
[0035] Embodiments provide a printing system into which a
replaceable printer component can be installed. Printing system
embodiments include a memory device storing one or more secret
keys. Replaceable printer component embodiments include a memory
device storing one or more secret keys related to the one or more
secret keys stored in the memory device of the printing system
embodiments. The one or more secret keys stored in the printing
system embodiments and in the replaceable printer component
embodiments are used to authenticate the replaceable printer
component embodiments. Therefore, the use of counterfeit
replaceable printer components in the printing system embodiments
is prevented.
[0036] Although specific embodiments have been illustrated and
described herein, it will be appreciated by those of ordinary skill
in the art that a variety of alternate and/or equivalent
implementations may be substituted for the specific embodiments
shown and described without departing from the scope of the present
invention. This application is intended to cover any adaptations or
variations of the specific embodiments discussed herein. Therefore,
it is intended that this invention be limited only by the claims
and the equivalents thereof.
* * * * *